Amendments to the Specification 

Please replace the paragraph that begins on Pagel, line 5 and carries over to Page 2, line 4 with 
the following marked-up replacement paragraph: 

— The present invention is related to the following commonly-assigned U. S. Patents: 

(serial number 09/240,387, filed 01/29/1999), titled "Method, System and Apparatus for 

Selecting Encryption Levels Based on Policy Profiling"; (serial Profiling"; 6,585.778 

(serial number 09/385,899, filed 08/30/1999), titled "Enforcing Data Policy Using Style Sheet 

Processing"; (serial number 09/422,430, filed 10/21/1999), titled "Selective Data 

Encryption Using Style Sheet Processing"; (serial number 09/422,537, filed 10/21/1999), 

titled "Selective Data Encryption Using Style Sheet Processing for Decryption by a Client 

Proxy"; (serial number 09/422,492, filed 10/21/1999), titled "Selective Data Encryption 

Using Style Sheet Processing for Decryption by a Group Clerk"; (serial number 

09/422,431, filed 10/21/1999), titled "Selective Data Encryption Using Style Sheet Processing 

for Decryption by a Key Recovery Agent"; and (serial number 10/455,068, filed 

6/5/2003), titled "Method, System and Program Product for Limiting Insertion of Content 
between Computer Programs". — 

Please replace the paragraph on Page 19, lines 1-17 with the following marked-up replacement 
paragraph: 

- 3) A "zone" may include information such as a security classification of the document 
in which the security container is embedded, a security zone of a Web site in which a document 
is being rendered, an isolation zone to which the embedding document (i.e., the document 
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holding the security container) belongs, and so forth. Isolation zones are disclosed in commonly- 
assigned U. S. Patent /'Method, System and Program Product for Limiting Insertion of 

Content between Computer Programs" (serial number 10/455.068, referred to hereinafter as "the 
isolation zone invention"). For example, an isolation zone may be used to define a collection of 
application programs and/or files that are used only for business purposes (a "business zone"), or 
only for personal use (a "personal zone"), etc. As disclosed in this commonly-assigned patent, 
isolation zones may be used to limit insertion of content across zone boundaries. When an 
attempt is made to insert content from one zone into another zone, the user may be prompted to 
confirm whether he wants to proceed, or he may be required to provide security credentials 
before the insertion can proceed, and so forth. Use of business and personal isolation zones 
thereby reduces the likelihood of (or prevents) the inadvertent insertion of personal information 
into business-related content and vice versa. (Other types of isolation zones may also be defined 
and used to limit content insertion, according to this commonly-assigned patent, and references 
herein to business and personal zones are for illustrative purposes.) — 

Please replace the paragraph on Page 22, lines 7-16 with the following marked-up replacement 
paragraph: 

- Commonly-assigne d U. S. Pat e nt (serial U. S. Patent 6.585 J78 ( serial 

number 09/385,399), titled "Enforcing Data Policy Using Style Sheet Processing", teaches 
techniques whereby the content of a document is controlled using stored policy information. 
Stored "policy objects" are disclosed, where these policy objects are referenced in the schema or 
Document Type Definition ("DTD") that defines allowable document syntax. As an example of 
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using a policy object for enforcing data policy, the context of a user who requests a document can 
be determined, and a policy object can evaluate whether selected portions of that document 
should be delivered to the user, given his current context. Extensions to these policy objects are 

defined in commonly-assigned U. S. Patent (serial number 09/422,430), which is titled 

"Selective Data Encryption Using Style Sheet Processing" (hereinafter, "the selective data 
encryption invention"). — 

Please replace the paragraph on Page 29, lines 8-16 with the following marked-up replacement 
paragraph: 

— In the case of a group, the DN identifies the group. Individuals who are members of 
the group use techniques outside the scope of the present invention to obtain the group's private 

key or request that it be employed on their behalf. Commonly-assigned U. S. Patent 

(serial number 09/422.492), titled "Selective Data Encryption Using Style Sheet Processing for 
Decryption by a Group Clerk", defines one way to accomplish this. (The public key in the X.509 
certificate may therefore belong to a group that is identified in the "subject" field 440, while the 
DN belongs to the group clerk.) However, other techniques may be used for determining a 
group's membership and utilizing the group's private key on behalf of individual group 
members, without deviating from the scope of the present invention. — 

Please replace the paragraph that begins on Page 29, line 17 and carries over to Page 30, line 1 
with the following marked-up replacement paragraph: 

- The manner in which the encryption algorithm and key length are selected, and in 

Serial No. 10/632,156 -4- RSW920030063US1 



which the value of the symmetric key is determined, does not form part of the present invention. 
One way in which the algorithm and key length may be selected is described in commonly- 
assigned U. S. Patent (serial number 09/240387), "Method, System and Apparatus for 

Selecting Encryption Levels Based on Policy Profiling". — 



Serial No. 10/632,156 



-5- 



RSW920030063US1 



